Exploring the Metamorfo Banking Trojan
May 17, 2024, 4:03 p.m.
Description
This report examines Metamorfo, a banking Trojan distributed through malspam. The lure is an HTML attachment; once the user opens it, an infection chain starts that first gathers system metadata, then uses obfuscation and URL evasion to fetch further malicious payloads. The malware connects to remote servers, collects sensitive data, disables security controls, modifies the registry, and establishes persistence on the compromised host. The campaign primarily targets victims in North and South America and aims to steal their financial information and banking credentials.
Date
Published: May 17, 2024, 3:38 p.m.
Created: May 17, 2024, 3:38 p.m.
Modified: May 17, 2024, 4:03 p.m.
Indicators
zfi8ny6yi30s.website
89.117.37.61
89.116.236.122
51.38.235.152
80.211.249.77
38.54.20.37
216.238.70.224
212.46.38.43
192.46.216.151
185.45.195.226
185.185.87.45
172.105.111.154
158.69.110.217
154.223.16.114
149.100.158.179
139.177.193.74
54.39.10.87
86.38.217.167
vqz8.gotdns.ch
jkue.myftp.biz
jan.viewdns.net
baza.alta-bars.ru
avs.myftp.biz
a.3utilities.com
yuphsa6qwtg5.online
z5im1ou9o480se02pro.online
x6vl9710f400g7alstar.online
x50zbqev4po5.online
newlife2020.club
mpy8n37wvwu2now.online
l155vcram2hl6ws0.online
k6ue95v1ca2r.online
albumdepremios.com.br
cevda3jvv5oz1t37.online
6c48ax07dy25hvu0hub.online
4yw2twoy438df9qt.online
2xo0uaqv4cqds331mart.online
09dfwss6g1v73sya.online
ad2.gotdns.ch
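The indicator list above is only useful once it is run against telemetry. The following Python script is an added example, not part of the original report: it loads the page's indicators exactly as listed, separates IPv4 addresses from hostnames, and scans log lines for hits, treating subdomains of a listed domain as hits as well. The log lines are constructed for the example; the indicator-to-IP pairings in them are not claims about what these hosts resolve to. One caveat the code encodes: four of the listed hostnames sit under shared dynamic-DNS zones (gotdns.ch, myftp.biz, viewdns.net, 3utilities.com), so detections must match the full hostname and never the zone, or unrelated users of those services will be blocked.

```python
"""Scan log lines for the Metamorfo indicators listed on this page (added example)."""
import ipaddress
import re

# The indicators exactly as listed on this page (17 IPv4 addresses, 22 hostnames).
INDICATOR_TEXT = """
zfi8ny6yi30s.website 89.117.37.61 89.116.236.122 51.38.235.152 80.211.249.77
38.54.20.37 216.238.70.224 212.46.38.43 192.46.216.151 185.45.195.226
185.185.87.45 172.105.111.154 158.69.110.217 154.223.16.114 149.100.158.179
139.177.193.74 54.39.10.87 86.38.217.167 vqz8.gotdns.ch jkue.myftp.biz
jan.viewdns.net baza.alta-bars.ru avs.myftp.biz a.3utilities.com
yuphsa6qwtg5.online z5im1ou9o480se02pro.online x6vl9710f400g7alstar.online
x50zbqev4po5.online newlife2020.club mpy8n37wvwu2now.online
l155vcram2hl6ws0.online k6ue95v1ca2r.online albumdepremios.com.br
cevda3jvv5oz1t37.online 6c48ax07dy25hvu0hub.online 4yw2twoy438df9qt.online
2xo0uaqv4cqds331mart.online 09dfwss6g1v73sya.online ad2.gotdns.ch
"""

# Shared dynamic-DNS zones that some listed hostnames sit under. Only the full
# hostnames are indicators; blocking the zone would hit unrelated users.
SHARED_DYNDNS_ZONES = {"gotdns.ch", "myftp.biz", "viewdns.net", "3utilities.com"}

_IP_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
# A dotted hostname token that does not start in the middle of another token.
_HOST_RE = re.compile(
    r"(?<![\w.-])[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+"
)

# Constructed sample telemetry (not real traffic): DNS queries, connections, a proxy line.
SAMPLE_LOG = [
    "dns 10.0.0.15 query=albumdepremios.com.br",
    "dns 10.0.0.15 query=cdn.albumdepremios.com.br",
    "dns 10.0.0.22 query=update.gotdns.ch",      # benign neighbour on a shared zone
    "dns 10.0.0.22 query=www.example.org",
    "conn 10.0.0.15 -> 89.117.37.61:443",
    "conn 10.0.0.30 -> 192.0.2.7:443",
    "http 10.0.0.15 GET http://a.3utilities.com/dl/index.html",
]


def load_indicators(text=INDICATOR_TEXT):
    """Split the raw indicator list into a set of IPv4 strings and a set of hostnames."""
    ips, hosts = set(), set()
    for tok in text.split():
        tok = tok.lower().rstrip(".")
        try:
            ips.add(str(ipaddress.IPv4Address(tok)))
        except ipaddress.AddressValueError:
            hosts.add(tok)
    return ips, hosts


def shared_dyndns_zone(host):
    """Return the shared dynamic-DNS zone `host` sits under, or None."""
    labels = host.lower().split(".")
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in SHARED_DYNDNS_ZONES:
            return zone
    return None


def match_host(host, hosts):
    """Return the indicator hostname that `host` equals or is a subdomain of, else None.

    Only listed hostnames are walked up to; a parent zone that is not itself an
    indicator (e.g. gotdns.ch) never matches, so unrelated dyndns users stay clean.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in hosts:
            return candidate
    return None


def scan(lines, ips, hosts):
    """Return (line_no, indicator, how) for every indicator hit in `lines`."""
    hits = []
    for n, line in enumerate(lines):
        low = line.lower()
        for ip in _IP_RE.findall(low):
            if ip in ips:
                hits.append((n, ip, "ip"))
        for cand in _HOST_RE.findall(low):
            if cand.rsplit(".", 1)[-1].isdigit():
                continue  # dotted quad, already handled by the IP pass
            ind = match_host(cand, hosts)
            if ind is None:
                continue
            how = "exact-host" if cand == ind else "subdomain"
            if shared_dyndns_zone(ind):
                how += " (shared dyndns zone: block hostname only)"
            hits.append((n, ind, how))
    return hits


if __name__ == "__main__":
    for line_no, indicator, how in scan(SAMPLE_LOG, *load_indicators()):
        print(f"line {line_no}: {indicator} [{how}]")
```

Run against the constructed lines, the scan flags the exact domain, its subdomain, one of the listed IPs and the dyndns hostname, while the benign `update.gotdns.ch` query is left alone because the hostname walk stops at listed indicators rather than registrable zones. To use it on real data, replace `SAMPLE_LOG` with lines from a DNS, connection or proxy log.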
Attack Patterns
Metamorfo
TrojanSpy:Win32/Casbaneiro
T1063 Security Software Discovery (revoked in ATT&CK; now T1518.001)
T1578 Modify Cloud Compute Infrastructure
T1135 Network Share Discovery
T1548 Abuse Elevation Control Mechanism
T1113 Screen Capture
T1036.005 Masquerading: Match Legitimate Name or Location
T1547 Boot or Logon Autostart Execution
T1112 Modify Registry
T1562 Impair Defenses